package com.share.controller;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import com.share.service.UserService;
import com.util.MD5Utils;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author caifan
 *
 * 2015年3月25日
 */
@RestController
public class UserController {
	@Autowired
	UserService userService;
	
	@RequestMapping(value="/login") 
	public String login (HttpServletRequest request) {
		//非shiro登录
		/*String username = request.getParameter("username");
		String password = request.getParameter("password");
		Map<String, Object> queryLogin = userService.queryLogin(username, MD5Utils.md5(password));
		if(queryLogin != null) {
			return "success";
		} else {
			return "fail";
		}*/
		return "login";
	}
	
	@RequestMapping(value="/checklogin")
	public String checkLogin(HttpServletRequest request) {
		String username = request.getParameter("username");
		String password = request.getParameter("password");
		Subject subject = SecurityUtils.getSubject();
		UsernamePasswordToken token = new UsernamePasswordToken(username, MD5Utils.md5(password));
		token.setRememberMe(true);
		try {
			subject.login(token);
			request.getSession().setAttribute("account", username);
		} catch (AuthenticationException e) {
			e.printStackTrace();
			return "/login";
			
		}
		
		return "/first";
	}
	
	@RequestMapping(value="/manage/first")
	public String main(HttpServletRequest request) {
		//String 
		return "/manage/first";
	}
	
	@RequestMapping(value="/operation/add")
	public String add(HttpServletRequest request) {
		return "/operation/add";
	}
	
	//@RequiresRoles("administrator")
	@RequestMapping(value="/operation/delete")
	public String delete(HttpServletRequest request) {
		Subject subject = SecurityUtils.getSubject();
		if(subject.hasRole("administrator")) {
			return "/operation/delete";
		} else {
			return "/manage/unauthorized";
		}
	}
	
	
	@RequestMapping(value="/operation/update")
	@RequiresRoles("header")
	public String update(HttpServletRequest request) {
		return "/operation/update";
	}
	
	@RequestMapping(value="/operation/query")
	public String query(HttpServletRequest request) {
		return "/operation/query";
	}
	
	@RequestMapping(value="/search/search")
	public String search(HttpServletRequest request) {
		return "/search/search";
	}
	@RequestMapping(value="/manage/unauthorized")
	public String error(HttpServletRequest request) {
		return "/manage/unauthorized";
	}
	
	@RequestMapping(value="/logout", method=RequestMethod.GET) 
	public String logout() {
		Subject subject = SecurityUtils.getSubject();
		if(subject.isAuthenticated()) {
			subject.logout();
			//return "login";
		}
		return "redirect:login";
	}

}
